OpenAI's GPT-4 can exploit real vulnerabilities by reading security advisories

The Register - Wed, 17/04/2024 - 11:15
While some other LLMs appear to flat-out suck

AI agents, which combine large language models with automation software, can successfully exploit real world security vulnerabilities by reading security advisories, academics have claimed.…

Categories: News

Japanese government rejects Yahoo<i>!</i> infosec improvement plan

The Register - Wed, 17/04/2024 - 06:44
Just doesn't believe it will sort out the mess that saw data leak from LINE messaging app

Japan's government has considered the proposed security improvements developed by Yahoo!, found them wanting, and ordered the onetime web giant to take new measures.…

Categories: News

Fire in the Cisco! Networking giant's Duo MFA message logs stolen in phish attack

The Register - Wed, 17/04/2024 - 01:06
Also warns of brute force attacks targeting its own VPNs, Check Point, Fortinet, SonicWall and more

Cisco is fighting fires on a couple cybersecurity fronts this week involving its Duo multi-factor authentication (MFA) service and its remote-access VPN services.…

Categories: News

MGM says FTC can't possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time

The Register - Tue, 16/04/2024 - 21:32
What a twist!

MGM Resorts wants the FTC to halt a probe into last year's ransomware infection at the mega casino chain – because the watchdog's boss Lina Khan was a guest at one of its hotels during the cyberattack, apparently.…

Categories: News

Alleged cryptojacker accused of stealing $3.5M from cloud to mine under $1M in crypto

The Register - Tue, 16/04/2024 - 17:31
No prizes for guessing the victims

A Nebraska man will appear in court today to face charges related to allegations that he defrauded cloud service providers of more than $3.5 million in a long-running cryptojacking scheme.…

Categories: News

SIM swap crooks solicit T-Mobile US, Verizon staff via text to do their dirty work

The Register - Tue, 16/04/2024 - 16:30
No breach responsible for employee contact info getting out, says T-Mo

T-Mobile US employees say they are being sent text messages that offer them cash to perform illegal SIM swaps for supposed criminals.…

Categories: News

Open sourcerers say suspected xz-style attacks continue to target maintainers

The Register - Tue, 16/04/2024 - 15:07
Social engineering patterns spotted across range of popular projects

Open source groups are warning the community about a wave of ongoing attacks targeting project maintainers similar to those that led to the recent attempted backdooring of a core Linux library.…

Categories: News

Change Healthcare’s ransomware attack costs edge toward $1B so far

The Register - Tue, 16/04/2024 - 13:50
First glimpse at attack financials reveals huge pain

UnitedHealth, parent company of ransomware-besieged Change Healthcare, says the total costs of tending to the February cyberattack for the first calendar quarter of 2024 currently stands at $872 million.…

Categories: News

Google location tracking deal could be derailed by politics

The Register - Tue, 16/04/2024 - 11:45
$62 million settlement plan challenged over payments to progressive nonprofits

Google's plan to pay $62 million to settle allegations that it tracked people even when their Location History setting was switched off may have to be renegotiated based on several objections.…

Categories: News

CISA in a flap as Chirp smart door locks can be trivially unlocked remotely

The Register - Mon, 15/04/2024 - 23:35
Hard-coded credentials last thing you want in home security app

Some smart locks controlled by Chirp Systems' software can be remotely unlocked by strangers thanks to a critical security vulnerability.…

Categories: News

Roku makes 2FA mandatory for all after nearly 600K accounts pwned

The Register - Mon, 15/04/2024 - 16:32
Streamer says access came via credential stuffing

Streaming giant Roku is making 2FA mandatory after attackers accessed around 591,000 customer accounts earlier this year.…

Categories: News

Delinea Secret Server customers should apply latest patches

The Register - Mon, 15/04/2024 - 15:00
Attackers could nab an org's most sensitive keys if left unaddressed

Customers of Delinea's Secret Server are being urged to upgrade their installations "immediately" after a researcher claimed a critical vulnerability could allow attackers to gain admin-level access.…

Categories: News

US senator wants to put the brakes on Chinese EVs

The Register - Mon, 15/04/2024 - 14:00
Fears of low-cost invasion and data spies spark call for ban

Electric vehicles may become a new front in America's tech war with China after a US senator called for Washington DC to block Chinese-made EVs to protect domestic industries and national security.…

Categories: News

Identifying third-party risk

The Register - Mon, 15/04/2024 - 09:03
The prima facie case for real-time threat intelligence

Webinar  Cybercriminals are always on the hunt for new ways to breach your privacy, and busy supply chains often look like a good way to get in under the wire.…

Categories: News

US House approves FISA renewal – warrantless surveillance and all

The Register - Mon, 15/04/2024 - 02:58
PLUS: Chinese chipmaker Nexperia attacked; A Microsoft-signed backdoor; CISA starts scanning your malware; and more

Infosec in brief  US Congress nearly killed a reauthorization of FISA Section 702 last week over concerns that it would continue to allow warrantless surveillance of Americans, but an amendment to require a warrant failed to pass.…

Categories: News

Zero-day exploited right now in Palo Alto Networks' GlobalProtect gateways

The Register - Fri, 12/04/2024 - 23:43
Out of the PAN-OS and into the firewall, a Python backdoor this way comes

Palo Alto Networks on Friday issued a critical alert for an under-attack vulnerability in the PAN-OS software used in its firewall-slash-VPN products.…

Categories: News

Google One VPN axed for everyone but Pixel loyalists ... for now

The Register - Fri, 12/04/2024 - 21:21
Another one bytes the dust

In an incredibly rare move, Google is killing off one of its online services – this time, VPN for Google One.…

Categories: News

Microsoft breach allowed Russian spies to steal emails from US government

The Register - Fri, 12/04/2024 - 15:37
Affected federal agencies must comb through mails, reset API keys and passwords

The US Cybersecurity and Infrastructure Security Agency (CISA) warns that Russian spies who gained access to Microsoft's email system were able to steal sensitive data, including authentication details and that immediate remedial action is required by affected agencies.…

Categories: News

French issue <em>alerte rouge</em> after local governments knocked offline by cyber attack

The Register - Fri, 12/04/2024 - 06:30
Embarrassing, as its officials are in the US to discuss Olympics cyber threats

Several French municipal governments' services have been knocked offline following a "large-scale cyber attack" on their shared servers.…

Categories: News

Apple stops warning of 'state-sponsored' attacks, now alerts about 'mercenary spyware'

The Register - Fri, 12/04/2024 - 05:46
Report claims India's government, which is accused of using Pegasus at home, was displeased

Apple has made a significant change to the wording of its threat notifications, opting not to attribute attacks to a specific source or perpetrator, but categorizing them broadly as "mercenary spyware."…

Categories: News


Subscribe to Sec Tec Limited aggregator - News